Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                              CERT-Renater

                  Note d'Information No. 2025/VULN026

_____________________________________________________________________

DATE                : 21/01/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Veeam Backup for Microsoft Azure
                               versions prior to 7.1.0.59.

=====================================================================
https://www.veeam.com/kb4709
_____________________________________________________________________


Veeam Backup for Microsoft Azure Vulnerability
(CVE-2025-23082)
KB ID: 	4709
Product: 	Veeam Backup for Microsoft Azure | 7
Published: 	2025-01-13
Last Modified: 	2025-01-13


Article Applicability

This article documents a vulnerability discovered in the Veeam Backup
for Microsoft Azure backup appliance, which is used by Veeam Backup &
Replication to protect Microsoft Azure workloads.


If a Veeam Backup & Replication deployment is not protecting Microsoft
Azure workloads, such a deployment is not impacted by the
vulnerability discussed in this article.

You can verify if Veeam Backup & Replication manages a Veeam Backup
for Microsoft Azure backup appliance by checking the Backup
Infrastructure > Managed Servers list for any 'Microsoft Azure backup
appliance' type entries.


Issue Details

CVE-2025-23082

A vulnerability that may allow an attacker to utilize Server-Side
Request Forgery (SSRF) to send unauthorized requests from the system,
potentially leading to network enumeration or facilitating other
attacks.

Affects Veeam Backup for Microsoft Azure 7.1.0.22 and all earlier
versions.

Severity: High
CVSS v3.1 Score: 7.2
Source: Discovered during internal testing.


Solution

This vulnerability was fixed starting in the following build of
Veeam Backup for Microsoft Azure:

    Veeam Backup for Microsoft Azure 7.1.0.59



	
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================